This is an automated email from the ASF dual-hosted git repository. jinrongtong pushed a commit to branch develop in repository https://gitbox.apache.org/repos/asf/rocketmq.git
The following commit(s) were added to refs/heads/develop by this push: new 89fdab4d58 [ISSUE #7752] Fix ppv2 tls ascii start with (byte)2 (#7753) 89fdab4d58 is described below commit 89fdab4d5830ce749e79ad5372d2b349e376c45a Author: dingshuangxi888 <dingshuangxi...@gmail.com> AuthorDate: Mon Jan 15 15:18:45 2024 +0800 [ISSUE #7752] Fix ppv2 tls ascii start with (byte)2 (#7753) * Fix ascii validate for ppv2 tls. * fix ppv2 tls ascii check --------- Co-authored-by: ShuangxiDing <shuangxi....@alibaba-inc.com> --- .../rocketmq/proxy/grpc/ProxyAndTlsProtocolNegotiator.java | 9 +++++---- .../org/apache/rocketmq/remoting/netty/NettyRemotingServer.java | 9 +++++---- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/proxy/src/main/java/org/apache/rocketmq/proxy/grpc/ProxyAndTlsProtocolNegotiator.java b/proxy/src/main/java/org/apache/rocketmq/proxy/grpc/ProxyAndTlsProtocolNegotiator.java index b584ddfbdc..cdf33165d7 100644 --- a/proxy/src/main/java/org/apache/rocketmq/proxy/grpc/ProxyAndTlsProtocolNegotiator.java +++ b/proxy/src/main/java/org/apache/rocketmq/proxy/grpc/ProxyAndTlsProtocolNegotiator.java @@ -41,6 +41,7 @@ import io.grpc.netty.shaded.io.netty.handler.ssl.util.InsecureTrustManagerFactor import io.grpc.netty.shaded.io.netty.handler.ssl.util.SelfSignedCertificate; import io.grpc.netty.shaded.io.netty.util.AsciiString; import io.grpc.netty.shaded.io.netty.util.CharsetUtil; +import java.nio.charset.StandardCharsets; import org.apache.commons.collections.CollectionUtils; import org.apache.commons.lang3.StringUtils; import org.apache.rocketmq.common.constant.HAProxyConstants; @@ -193,13 +194,13 @@ public class ProxyAndTlsProtocolNegotiator implements InternalProtocolNegotiator } if (CollectionUtils.isNotEmpty(msg.tlvs())) { msg.tlvs().forEach(tlv -> { - byte[] valueBytes = ByteBufUtil.getBytes(tlv.content()); - if (!BinaryUtil.isAscii(valueBytes)) { - return; - } Attributes.Key<String> key = AttributeKeys.valueOf( HAProxyConstants.PROXY_PROTOCOL_TLV_PREFIX + String.format("%02x", tlv.typeByteValue())); + byte[] valueBytes = ByteBufUtil.getBytes(tlv.content()); String value = StringUtils.trim(new String(valueBytes, CharsetUtil.UTF_8)); + if (!BinaryUtil.isAscii(value.getBytes(StandardCharsets.UTF_8))) { + return; + } builder.set(key, value); }); } diff --git a/remoting/src/main/java/org/apache/rocketmq/remoting/netty/NettyRemotingServer.java b/remoting/src/main/java/org/apache/rocketmq/remoting/netty/NettyRemotingServer.java index 735d36168f..7213b0c24f 100644 --- a/remoting/src/main/java/org/apache/rocketmq/remoting/netty/NettyRemotingServer.java +++ b/remoting/src/main/java/org/apache/rocketmq/remoting/netty/NettyRemotingServer.java @@ -55,6 +55,7 @@ import io.netty.util.TimerTask; import io.netty.util.concurrent.DefaultEventExecutorGroup; import java.io.IOException; import java.net.InetSocketAddress; +import java.nio.charset.StandardCharsets; import java.security.cert.CertificateException; import java.time.Duration; import java.util.List; @@ -794,13 +795,13 @@ public class NettyRemotingServer extends NettyRemotingAbstract implements Remoti } if (CollectionUtils.isNotEmpty(msg.tlvs())) { msg.tlvs().forEach(tlv -> { + AttributeKey<String> key = AttributeKeys.valueOf( + HAProxyConstants.PROXY_PROTOCOL_TLV_PREFIX + String.format("%02x", tlv.typeByteValue())); byte[] valueBytes = ByteBufUtil.getBytes(tlv.content()); - if (!BinaryUtil.isAscii(valueBytes)) { + String value = StringUtils.trim(new String(valueBytes, CharsetUtil.UTF_8)); + if (!BinaryUtil.isAscii(value.getBytes(StandardCharsets.UTF_8))) { return; } - AttributeKey<String> key = AttributeKeys.valueOf( - HAProxyConstants.PROXY_PROTOCOL_TLV_PREFIX + String.format("%02x", tlv.typeByteValue())); - String value = StringUtils.trim(new String(valueBytes, CharsetUtil.UTF_8)); channel.attr(key).set(value); }); }